# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Log format plug-in for IBM HTTP Server access logs. It defines how a log line
# is recognised and split into fields, which filters run on the parsed fields,
# and which database fields and report groups a new profile is given.
ibm_http_server = {

  plugin_version = "1.0.1"
  # NOTE(review): the key below is spelled "manfacturer". Confirm against the
  # plug-in loader whether "manufacturer" is expected before renaming it.
  info.1.manfacturer = "IBM"
  info.1.device = "HTTP Server"
  info.1.version.1 = ""

  # 2006-08-16 - 1.0beta - GMF - original implementation.
  # 2007-09-14 - 1.0 - KBB - renumbered per new beta policy
  # 2010-12-21 - 1.0.1 - MSG - Edited info lines.

  # The name of the log format
  log.format.format_label = "IBM HTTP Server Log Format"
  log.miscellaneous.log_data_type = "web_server"
  log.miscellaneous.log_format_type = "web_server"

  # The log is in this format if any of the first ten lines match this regular expression.
  # It has the same shape as the parsing expression below, without capture groups
  # for the individual fields.
  log.format.autodetect_regular_expression = "^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] [^ ]+ [^ ]+ [^ ]+ [0-9]+ (GET|POST|PUT) /[^ ]+ [^ ]* [0-9]+ [0-9]+ [0-9]+ .* [^ ]+$"

  # Splits one line into 14 capture groups. They line up, in order, with the 14
  # entries of log.fields below (date, time, c_ip, ... cs_user_agent, cs_referer).
  # The user-agent group is (.*) and may contain spaces; the referrer is the last
  # space-free token on the line.
  # NOTE(review): the method group accepts only GET, POST and PUT, and the URI
  # group "/[^ ]+" needs at least one character after the slash. Lines that use
  # HEAD, OPTIONS, DELETE, TRACE, CONNECT or any other method, and requests for
  # the bare path "/", do not match this expression. How non-matching lines are
  # treated is not visible in this file; if they are discarded, that traffic is
  # absent from every report, so the reports should not be read as a complete
  # record when reviewing probes or an incident. Confirm against the raw log.
  log.format.parsing_regular_expression = "^([0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ([0-9][0-9]:[0-9][0-9]:[0-9][0-9]) ([^ ]+) ([^ ]+) ([^ ]+) ([0-9]+) (GET|POST|PUT) (/[^ ]+) ([^ ]*) ([0-9]+) ([0-9]+) ([0-9]+) (.*) ([^ ]+)$"

  # Get search engine and search phrase information from the referrer field (before it gets simplified).
  # When get_search_engine_info(referrer) is true, the volatile.search_engine and
  # volatile.search_phrase values are copied into the fields of the same name.
  # NOTE(review): this filter and the referrer filters further down name a field
  # "referrer", while log.fields and database.fields in this file declare
  # "cs_referer". Confirm that these filters are actually applied.
  log.parsing_filters.compute_se_sp = {
    value = `if (get_search_engine_info(referrer)) then ( search_engine = volatile.search_engine; search_phrase = volatile.search_phrase; ); `
    requires_fields = {
      referrer = true
    }
  }

  # Get web browser, operating system, and spider information from the user-agent field.
  # Every '+' in cs_user_agent is replaced by a space before the lookup.
  # The User-Agent header is supplied by the client, so the derived browser,
  # operating system and spider values are only as reliable as that header.
  log.parsing_filters.derive_from_user_agent = {
    value = `get_user_agent_info(replace_all(cs_user_agent, '+', ' ')); web_browser = volatile.web_browser; operating_system = volatile.operating_system; spider = volatile.spider; `
    requires_fields = {
      cs_user_agent = true
    }
  }

  # Log fields, listed in the same order as the capture groups of the parsing
  # expression. The ".type" entries assign a field type (host, page, agent, URL).
  log.fields = {
    date = ""
    time = ""
    c_ip.type = "host"
    cs_username = ""
    s_ip = ""
    s_port = ""
    cs_method = ""
    cs_uri_stem.type = "page"
    cs_uri_query = ""
    sc_status = ""
    sc_win32_status = ""
    time_taken = ""
    cs_user_agent.type = "agent"
    cs_referer.type = "URL"
  } # log.fields

  # Log Filters
  log.filters = {

    # A user name of '-' is stored as '(not authenticated)'.
    not_authenticated = {
      label = "$lang_admin.log_filters.not_authenticated_label"
      comment = "$lang_admin.log_filters.not_authenticated_comment"
      value = "if (cs_username eq '-') then cs_username = '(not authenticated)';"
      requires_fields = {
        cs_username = true
      }
    } # not_authenticated

    # A referrer of '-' becomes '(no referrer)'. Any other referrer that starts
    # with scheme://host/ is cut down to that prefix followed by '(omitted)', so
    # the referring path and query string are not kept in this field.
    # (The value string continues on the next line; the whitespace inside it is
    # left exactly as found.)
    simplify_referrer = {
      label = "$lang_admin.log_filters.simplify_referrer_label"
      comment = "$lang_admin.log_filters.simplify_referrer_comment"
      value = "if (referrer eq '-') then referrer = '(no referrer)' else if (matches_regular_expression(referrer, '^([^:]+://[^/]+/)')) then referrer = $1 . 
'(omitted)'"
      requires_fields = {
        referrer = true
      }
    } # simplify_referrer

    # Disabled by default. 'mydomain.com/' is a placeholder for the site's own domain.
    # NOTE(review): contains() presumably matches the text anywhere in the
    # referrer, so an external URL that carries the same text in its path or query
    # would also be labelled '(internal referrer)'. The referrer is supplied by
    # the client; prefer a match anchored on the host part if this is enabled.
    internal_referrer = {
      label = "$lang_admin.log_filters.internal_referrer_label"
      comment = "$lang_admin.log_filters.internal_referrer_comment"
      value = "if (contains(referrer, 'mydomain.com/')) then referrer = '(internal referrer)';"
      disabled = true
      requires_fields = {
        referrer = true
      }
    } # internal_referrer

    # Leaves the entry unchanged when worm starts with '('; otherwise the page
    # field is replaced by '(worm)'.
    # NOTE(review): nothing in this file assigns the worm field. Confirm where it
    # is populated and what its default value is.
    set_page_for_worm = {
      label = "$lang_admin.log_filters.set_page_for_worm_label"
      comment = "$lang_admin.log_filters.set_page_for_worm_comment"
      value = "if (starts_with(worm, '(')) then '' else cs_uri_stem = '(worm)';"
      requires_fields = {
        # cs_uri_stem = true
        worm = true
      }
    } # set_page_for_worm

    # Disabled by default. A query of '-' is stored as '(empty)'.
    empty_uri_query = {
      label = "$lang_admin.log_filters.empty_uri_query_label"
      comment = "$lang_admin.log_filters.empty_uri_query_comment"
      value = "if (cs_uri_query eq '-') then cs_uri_query = '(empty)';"
      disabled = true
      requires_fields = {
        cs_uri_query = true
      }
    } # empty_uri_query

    # Disabled by default.
    # This filter tacks the page parameters ("URL query") onto the end of the page field
    # NOTE(review): query strings can carry session identifiers or other secrets.
    # With this filter enabled they are kept as part of the page value, while
    # cs_uri_query itself is commented out of database.fields below.
    # (The value string continues on the next line; the whitespace inside it is
    # left exactly as found.)
    add_cs_uri_query = {
      label = "$lang_admin.log_filters.add_cs_uri_query_label"
      comment = "$lang_admin.log_filters.add_cs_uri_query_comment"
      value = "cs_uri_stem = cs_uri_stem . '?' . 
cs_uri_query"
      disabled = true
      requires_fields = {
        cs_uri_query = true
        cs_uri_stem = true
      }
    } # add_cs_uri_query

    # page_views is 0 for the listed image, style sheet, Flash and script file
    # types, and 1 for everything else.
    detect_page_views = {
      label = '$lang_admin.log_filters.detect_page_views_label'
      comment = '$lang_admin.log_filters.detect_page_views_comment'
      value = "if ((file_type eq 'JPEG') or (file_type eq 'JPG') or (file_type eq 'GIF') or (file_type eq 'ICO') or (file_type eq 'PNG') or (file_type eq 'CSS') or (file_type eq 'SWF') or (file_type eq 'JS')) then page_views = 0; else page_views = 1;"
      requires_fields = {
        file_type = true
      }
    } # detect_page_views

    # For entries that are not page views, everything after the last '/' of the
    # page is replaced by '(nonpage)'.
    strip_non_page_views = {
      label = '$lang_admin.log_filters.strip_non_page_views_label'
      comment = '$lang_admin.log_filters.strip_non_page_views_comment'
      value = "if (page_views == 0) then cs_uri_stem = substr(cs_uri_stem, 0, last_index(cs_uri_stem, '/') + 1) . '(nonpage)';"
      requires_fields = {
        cs_uri_stem = true
      }
    } # strip_non_page_views

    # Sets hits to 1 for the entry.
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'hits = 1;'
    } # mark_entry

  } # log.filters

  # Session settings. The visitor id is the client IP address, so clients that
  # share one address (a proxy or NAT gateway) are counted as a single visitor.
  log.field_options = {
    sessions_page_field = "cs_uri_stem"
    sessions_visitor_id_field = "c_ip"
    sessions_event_field = "page_views"
  } # log.field_options

  # Database fields. cs_uri_query and cs_user_agent are commented out here.
  database.fields = {
    date_time = ""
    hour_of_day = ""
    day_of_week = ""
    c_ip = ""
    cs_username = ""
    s_ip = ""
    location = ""
    s_port = ""
    cs_method = ""
    cs_uri_stem = ""
    file_type = ""
    # cs_uri_query = ""
    sc_status = ""
    sc_win32_status = ""
    web_browser = ""
    operating_system = ""
    spider = ""
    worm = ""
    screen_dimensions = ""
    screen_depth = ""
    # cs_user_agent = ""
    cs_referer = {
      suppress_top = 1
    }
    search_engine = ""
    search_phrase = ""
  } # database.fields

  database.numerical_fields = {

    # Not read from the log; set by the mark_entry filter.
    hits = {
      requires_log_field = false
      entries_field = true
    } # hits

    # Not read from the log; set by the detect_page_views filter.
    page_views = {
      requires_log_field = false
      default = true
    } # page_views

    # Unique count over the c_ip log field.
    visitors = {
      log_field = "c_ip"
      type = "unique"
    } # visitors

    time_taken = {
      display_format_type = duration_milliseconds
    } # time_taken

    # Average of time_taken, using hits as the denominator.
    time_taken_avg = {
      label = "$lang_stats.field_labels.average $lang_stats.field_labels.time_taken"
      type = "float"
      aggregation_method = "average"
      average_denominator_field = "hits"
      display_format_type = duration_milliseconds
    } # time_taken_avg

  } # database.numerical_fields

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    # NOTE(review): several names listed below (for example s_sitename,
    # s_computername, cs_host, cs_version, sc_substatus, cs_cookie) are not
    # declared in log.fields or database.fields in this file. Presumably entries
    # for fields that do not exist are ignored; confirm.
    report_groups = {
      date_time_group = ""
      content_group = {
        file_type = true
        cs_uri_stem = true
        cs_uri_query = true
      }
      visitor_demographics_group = {
        c_ip = true
        domain_description = true
        location = true
        cs_username = true
      }
      visitor_systems_group = {
        screen_dimensions = true
        screen_depth = true
        web_browser = true
        operating_system = true
      }
      referrer_group = {
        referrer = true
        search_engine = true
        search_phrase = true
        referrer_description = true
        search_phrase_by_search_engine = true
      }
      server_group = {
        s_sitename = true
        s_computername = true
        s_ip = true
        s_port = true
        cs_host = true
      }
      other_group = {
        cs_version = true
        worm = true
        spider = true
        cs_method = true
        sc_status = true
        sc_substatus = true
        sc_win32_status = true
        cs_cookie = true
      }
    } # report_groups

  } # create_profile_wizard_options

} # ibm_http_server